upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-11 09:42:09 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 57

Mitigate encoding issue with user principal uri

Browse source 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
This commit is contained in:
Georg Ehrke 2020-09-10 12:55:41 +02:00 committed by backportbot[bot]
parent 6ca4627d97
commit d87b9dd3f9
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
apps/dav/lib/Connector/Sabre/Principal.php
View file

@ -170,7 +170,11 @@ class Principal implements BackendInterface {
}
if ($prefix === $this->principalPrefix) {
$user = $this->userManager->get($name);
// Depending on where it is called, it may happen that this function
// is called either with a urlencoded version of the name or with a non-urlencoded one.
// The urldecode function replaces %## and +, both of which are forbidden in usernames.
// Hence there can be no ambiguity here and it is safe to call urldecode on all usernames
$user = $this->userManager->get(urldecode($name));
if ($user !== null) {
return $this->userToPrincipal($user);